Cybersecurity & Data Privacy Insights

As technology associated with commercial real estate has evolved, landlords are confronted with conundrum: How to use new technologies to modernize buildings and increase profitability by attracting high quality tenants through maximizing tenant experience, while addressing the cybersecurity threats that accompany these new technologies?

The exact problem will differ based on the type of commercial property being offered by a landlord, but the overriding concern remains the same, namely, how to secure the property from cyber-security breaches.  For instance, whether a landlord owns: (i) a climate controlled industrial property used for housing cloud servers, storing food or pharmaceuticals, (ii) a multi-tenant retail property with an open WIFI network and cloud-based security system, or (iii) a mixed use development with state of the art building systems, should the integrated building systems of these properties be accessed and manipulated by a hacker, it could wreak havoc on the tenants, who will seek relief from the landlord. What can a commercial landlord do today to prevent this disaster from occurring and protect its assets and reputation?

Step 1: Technology Audit

Published on:
Updated:

This webinar addresses best practices to protect yourself virtually during the coronavirus pandemic.

Presented by Eric Levine, Executive Vice President of Lindabury, McCormick, Estabrook, & Cooper and Co-Chair of the firm’s Cybersecurity and Data Privacy practice, this virtual presentation was hosted by The Suburban Chamber of Commerce.

Mr. Levine works with and creates cybersecurity policies and procedures for corporate leaders as well as with internal cyber-breach response teams that respond to cyber-attacks. He advises corporations and executives on mitigating the impact of cyber-breaches and counseling on post-breach regulatory reporting and client/customer notification duties. Mr. Levine is an accomplished litigator who has trial experience in both state and federal courts. As such, he works with corporations to defend claims brought by plaintiffs affected by cyber-breaches.

By the time you are reading this guidance, your business has likely been operating under a shelter in place order or perhaps even a governmental quarantine in response to the Coronavirus pandemic, and your staff has been operating remotely for an extended period.  While it may be too soon to fully assess whether remote access and teleworking is functioning optimally for your business, it is not too soon to ensure that the process of remote access and telework is being undertaken on the enterprise level in a safe and diligent fashion. Indeed, this is a responsibility that should be addressed from the Board of Directors and C-suite level down to the factory floor.

While the topic of remote access and its impact on cybersecurity could fill up volumes, there are two aspects of remote access and telework that businesses of all sizes need to acknowledge and address immediately. First, while remote access and telework were on the rise before the Coronavirus Pandemic, they are now most assuredly an integral part of your business for the foreseeable future. Your customers and staff expect you to be able to keep your business open through remote operations, and the harsh reality is that businesses that cannot operate remotely in some capacity have less chance of success during periods of shelter in place orders, governmental quarantines and social distancing.

Second, with more staff utilizing remote access and telework during the pandemic, the likelihood of your business’s information technology and the data stored thereon being exposed through cyber-breaches and attacks has grown exponentially.  There are countless articles explaining the inherent dangers of remote access and telework, but the theme that permeates them all is that working remotely comes with its own set of dangers and that hackers and cybercriminals who have already been relentlessly attacking businesses through email and phishing scams, DDoS attacks, ransomware and social engineering, have already increased their attacks on businesses using remote access.  Simple changes in your staff’s routines caused by new procedures can throw them off balance and create an opportunity for a hacker to exploit.

Published on:
Updated:

Eric Levine,  Cybersecurity & Data Privacy co-chair of Lindabury, McCormick, Estabrook & Cooper,  was quoted by Legaltech news, in a recent article concerning the coronavirus’ impact on law firms.  Eric says “the firm is proactively reminding the firm’s lawyers and staff to remain vigilant against coronavirus-related phishing emails.

“From a cybersecurity and data privacy standpoint, people must be aware that the virus itself presents an opportunity for hackers and wrongdoers to gain access to resources,” he said. “I sent an email to our staff and attorneys with an article saying to be careful for these types of email scams, they’re more potent because they’re tied to a health scare.”

To read the full article as published online at Law.com click here, a subscription may be required.

Robert Anderson, a shareholder at Lindabury, McCormick, Estabrook & Cooper and a member of the firm’s Cybersecurity & Data Privacy practice group was recently questioned by Tom Hughes of ROI-NJ, regarding the reasons a business should consult an attorney to oversee cybersecurity planning and preparation.  In short; the answer is: attorney-client privilege.

If you have a breach and your company gets sued — and it will, Anderson said — having all of your preparation protected could result in huge savings of both money and reputation. Anderson, speaking at a recent ROI-NJ Thought Leadership Series panel, explained how. “When you’re first starting to put together a program to protect your company, one of the things that you will typically want to do is hire someone called an ethical hacker, who will try to get into your system,” he said. “The results of this kind of a penetration testing that determines the vulnerabilities and weaknesses in your system will be in a report that goes on for pages and pages of all the problems in your system. If you do end up with an attack and end up in litigation, Exhibit A in the litigation is going to be this detailed report that shows all the vulnerabilities of your system, and they’ll be able to see how you elected to prioritize the problems. “The litigants are then going to say you knew you had these vulnerabilities and spot the one you didn’t fix.” Having legal counsel order the penetration test would likely shield that document by virtue of attorney-client privilege, Anderson said.

You may visit ROI-NJ to read the full article or download a copy here.

Andrew Gibbs, a member of Lindabury’s Cybersecurity & Data Privacy practice group, is quoted in a recent issue of NJ-ROI concerning the confusion surrounding the argument to purchase insurance protection plans focusing on cybersecurity issues.  Andy says, “Cybercriminals are starting to target smaller and mid-sized businesses.  Those companies need to start making this more of an important consideration. It’s true that a lot of companies might still be saying, ‘I’m not sure I need this — it’s too expensive but the reality is, this insurance is not that expensive compared to the actual cost of a loss from a cyberattack.”

You can read the full NJ-ROI article here.

Published on:
Updated:

Eric Levine, co-chair of Lindabury’s Cybersecurity and Data Privacy practice is quoted in a recent issue of NJBIZ regarding the growing digital threat often disguised as a legitimate-looking email.  Eric says that when our firm receives an email in regards to a bank transaction, “We won’t cut a check against it until it clears our financial institution, and then we’ll wait up to another 10 days.   It can be an inconvenience for a client, but this way we know the money is good.”

To read the full NJBIZ article click here.

Published on:
Updated:

In a recently published article by Relias Media, Andrew Gibbs says “It is useful to think of cyberinsurance as filling in gaps in existing insurance coverage.  Cyberinsurance can fill in gaps, and in some cases give you interlocking or overlapping coverage.  A large organization might have a crime policy with a social engineering endorsement, and then if you get a standalone cyberpolicy that also has social engineering coverage, you’ll have an overlap. That overlap helps protect you because those policies are going to limits and exclusions that might be overcome by the other policy.”

“There may be higher deductibles for certain kinds of cyberlosses, so healthcare organizations should get with their brokers or lawyers and try to maximize the coverage they can get within their financial restraints,” Gibbs says. “They also should watch carefully for exclusions and language that lessens the coverage.”

You may download the full article here.

Published on:
Updated:

Eric Levine, co-chair of Lindabury’s Cybersecurity & Data Privacy practice group spoke recently to attendees during NAIOP New Jersey’s final installment of their “Future Proof Your Buildings” series.

Coverage of the event by Real Estate Weekly was recently published providing highlights and strategies for ensuring security of smart cities throughout the state.

Eric says he believes liability is one of the fundamental risks facing building owners.

Published on:
Updated:

Eric Levine and Robert Anderson co-authored the recently published article in Training Industry addressing the need of businesses to assess their own cybersecurity risks and openly exchange internal information to effectively address and mitigate an actual breach situation. Yet a company’s internal assessments of its own weaknesses and the holes in its cybersecurity protections can, ironically, actually expose the company to even greater danger in future security breach litigation.

Read the full article online here.

Training Industry, Inc. (Dec. 18, 2018). How Cybersecurity Training Protects Your Organization Even After a Breach.

 

Published on:
Updated:
Contact Information